UPDATED VERSION: AutoSploit 2.2

It has been some days since there was a lot of hue and cry about AutoSploit and eventually everything subsided. I wrote about it in a post titled AutoSploit = Shodan/Censys/Zoomeye + Metasploit too. Recently, an updated an improved updated version – AutoSploit 2.2 was released. This post will try to describe the changes between the initial release and the newest version.

What is AutoSploit?

AutoSploit stands for Automated Mass Exploiter. It attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions.

AutoSploit 2.2 Changelog:

Creates a script where you can run AutoSploit easily run_autosploit.sh. This will run AutoSploit in exploit mode against previously discovered hosts in the whitelist.

Creates a script where you can dry run AutoSploit dryrun_autosploit.sh. This will search Censys/Shodan/etc. and do a dry-run against discovered hosts that are in the whitelist. VALIDATE THE DRYRUN REPORT BEFORE LAUNCHING THE ACTUAL EXPLOIT.

Added a dry-run flag. When running without the terminal and the --dry-run flag, msfconsole will not be run. A report will still be produced.

Sanitized whitelist comparison with the host file. All leading and trailing white-spaces should be removed before comparing IPs.

Added an --exploit-file-to-use option. Load exploits directly from the specified file, do not prompt for exploit-file selection if this option is specified.

Added --append/--overwrite to search engines. Specifying either will skip the prompt after a search query. --overwrite will start with a blank file but will append further searches ex: with -s-c--overwrite, both Shodan and Censys results will be appended to a clean file.

Search all fix for append/overwrite flags. Search results is not prompted anymore.

Modified the Exploiter output. Added a tally at the end. Suppressed much of the output during a dry-run.

Bug-fix, --exploit-file-to-use Output an error message to the console if the specified exploit file does not exists.

Featured Post

Three days ago, an updated version – Sysdig Falco v0.15.0 – was released. It has been some time since I last blogged about this open source behavorial activity monitor which has container support. This release incorporates a lot of rule updates that are now also tagged the for MITRE ATT&CK Framework and patches CVE-2019-8339, a medium severity vulnerability.Read more about UPDATE: Sysdig Falco v0.15.0